  1. #########################################################
  2. # #
  3. # squid3.5.x Rock Store Large support SmpScale #
  4. # http://wiki.squid-cache.org/Features/LargeRockStore #
  5. # http://wiki.squid-cache.org/Features/SmpScale #
  6. # #
  7. # created by www.hikmah-teknologi.com #
  8. # #
  9. # #
  10. #########################################################
  11.  
# # Assumption: a single-interface Linux proxy, eth0 = 192.168.100.2; LAN clients are 192.168.1.0/24
# = Mikrotik mangle =
# Put these at the very top of the mangle list (before any QoS mangle rules)
## /ip fi ma
## add action=mark-routing chain=prerouting protocol=tcp dst-address=!192.168.0.0/16 dst-port=80 new-routing-mark=proxy src-address=192.168.1.0/24
# (RouterOS only accepts dst-port= together with protocol=, hence protocol=tcp above.)
# Add the following if you also want to intercept port 443; the SSL section below must be configured and tuned first -- this paste only covers the rock-store feature.
# add action=mark-routing chain=prerouting protocol=tcp dst-address=!192.168.0.0/16 dst-port=443 new-routing-mark=proxy src-address=192.168.1.0/24
  19. # = Routing Mikrotik =
  20. # /ip route
  21. # add distance=1 dst-address=0.0.0.0/0 gateway=192.168.100.2 routing-mark=proxy
  22. #
# = Linux iptables =
# paste into the Linux console as root:
## iptables -t nat -A PREROUTING -s 192.168.1.0/24 ! -d 192.168.0.0/16 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.2:3128
## iptables -t nat -A PREROUTING -s 192.168.1.0/24 ! -d 192.168.0.0/16 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.100.2:3129
# NOTE: the 443 rule targets port 3129, but every 3129/3127 listener below is commented out, so as pasted intercepted
# HTTPS traffic is DNAT'd to a closed port. Either enable an `https_port ... intercept ssl-bump` listener or drop the rule.
# NOTE: DNAT'd traffic must arrive on a port flagged `intercept` (80) / `intercept ssl-bump` (443); the commented
# `tproxy` listeners below would need a TPROXY/mangle ruleset instead of DNAT, and the active http_port 3128 has neither flag.
#
# ports squid listens on
#http_port 3128
#http_port 3129 tproxy
#https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/myCA.pem
  32. http_port 0.0.0.0:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/myCA.pem
  33. acl step1 at_step SslBump1
  34. acl step2 at_step SslBump2
  35. acl step3 at_step SslBump3
  36. ssl_bump peek step1 all
  37. ssl_bump bump all
  38. #
  39. sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/squid3/ssl_db -M 4MB
  40. sslcrtd_children 16 startup=1 idle=1
  41. sslproxy_capath /etc/ssl/certs
  42. sslproxy_cert_error allow all
  43. sslproxy_flags DONT_VERIFY_PEER #this line fixing www.gmail.com, mail.yahoo.com for some errors
  44. always_direct allow all
  45. ssl_unclean_shutdown on
  46. #
  47. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  48. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  49. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  50. #
  51. acl SSL_ports port 443
  52. acl Safe_ports port 80 # http
  53. acl Safe_ports port 21 # ftp
  54. acl Safe_ports port 443 # https
  55. acl Safe_ports port 70 # gopher
  56. acl Safe_ports port 210 # wais
  57. acl Safe_ports port 1025-65535 # unregistered ports
  58. acl Safe_ports port 280 # http-mgmt
  59. acl Safe_ports port 488 # gss-http
  60. acl Safe_ports port 591 # filemaker
  61. acl Safe_ports port 777 # multiling http
  62. acl CONNECT method CONNECT
  63. acl getmethod method GET
  64. #
  65. # storeid *test*
  66. acl urlrewrite dstdomain .fbcdn.net .akamaihd.net
  67. acl speedtest url_regex -i speedtest\/.*\.(jpg|txt)\?.*
  68. acl reverbnation url_regex -i reverbnation.*audio_player.*ec_stream_song.*$
  69. acl utmgif url_regex -i utm.gif.*
  70. acl playstoreandroid url_regex -i c.android.clients.google.com.market.GetBinary.GetBinary.*
  71. acl idyoutube url_regex -i youtube.*(ptracking|stream_204|player_204).*(v\=|docid\=|video_id\=).*$
  72. acl videoyoutube url_regex -i (youtube|googlevideo).*videoplayback\?
  73. acl videoyoutube url_regex -i (youtube|googlevideo).*videoplayback\?
  74. acl loop_302 http_status 302
  75. acl getmethod method GET
  76. #acl storeid_rewrite_url url_regex ^https?:\/\/.*\.googlevideo\.com\/videoplayback\?
  77. #acl storeid_rewrite_url url_regex ^https?:\/\/.*\.ytimg\.com.*\.(webp|jpg|gif)
  78. #
  79. #acl storeid_rewrite_url url_regex ^https?:\/\/profile.ak.fbcdn.net\/hprofile-ak-[a-z]{3}[0-9]\/
  80. #acl storeid_rewrite_url url_regex ^https?:\/\/.*?([a-z]{4,}).*?.ak.fbcdn.net\/
  81. #acl storeid_rewrite_url url_regex ^https?:\/\/fbcdn-(s?photos|profile)-[a-z]-a.akamaihd.net/h(profile|s?photos)-ak-
  82. #acl storeid_rewrite_url url_regex ^https?:\/\/fbcdn-(profile|dragon)-[a-z]\.akamaihd.net/h(profile|photos)-ak-
  83. #acl storeid_rewrite_url url_regex ^http:\/\/(.*)\/speedtest\/.*\.(jpg|txt|bmp)
  84. #acl storeid_rewrite_url url_regex ^http:\/\/[a-z0-9]{4}\.reverbnation\.com\/.*\/([0-9]*).*
  85. #acl storeid_rewrite_url url_regex ^http:\/\/[0-9]?.bp.blogspot\.com\/(.*)\/s.*?\/.*(jpg|png|gif)$
  86. #acl storeid_rewrite_url url_regex ^http.*\,avast\.com\/.*\.vpx$
  87. #acl storeid_rewrite_url url_regex ^http:\/\/fs[0-9]{2}.filehippo.com\/([0-9]{4})\/
  88. acl nocache url_regex \.(ini|ui|ver|patch|lst|inf|cfg|md5|key|pub|list|txt|db|log|html)$ \.(php|jsp|cgi|asx|asp|aspx|js)$
  89. acl nocache url_regex (hackshield|notice|xtrap|login|registration|reset)
  90. #
# --- Request access control (first matching line wins) ---
# Refuse destination ports outside Safe_ports, and CONNECT tunnels to anything
# but 443, before any allow rule can match.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Cache-manager interface only from the proxy host itself.
http_access allow localhost manager
http_access deny manager
# NOTE(review): `localnet` covers all three RFC1918 ranges, while the router and
# iptables rules only redirect 192.168.1.0/24 and the listener binds 0.0.0.0.
# Any other private-address host that can route to this box can use it as an
# open forward proxy (and, through CONNECT, as a TLS-bumping intermediary).
# Narrow this to the client subnet unless wider use is intended.
http_access allow localnet
http_access allow localhost
http_access deny all
  98. #
# --- Identity and logging ---
visible_hostname de-isle.blogspot.co.id
cache_mgr fox.skd@gmail.com
pid_filename /var/run/squid3.pid
error_directory /usr/share/squid3/errors/en
# NOTE(review): with query terms kept, access.log records complete URLs --
# session tokens and API keys carried in query strings included, and because
# of ssl_bump this covers HTTPS traffic too. Protect the log file accordingly,
# or set this back to `on` once the store-id regexes have been debugged.
strip_query_terms off
access_log daemon:/var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log
cache_store_log none
# Also repeated further down with the same value; the later line appears to be
# the effective one.
cache_replacement_policy heap GDSF
memory_replacement_policy heap LFUDA
# Creating the disk cache directories (rock store type):
# Create the shm device.
# Paste into the Linux console as root:
## echo "shm /dev/shm tmpfs nodev,nosuid,noexec 0 0" >> /etc/fstab
# NOTE: the two sysctl lines originally used a single `>`, which TRUNCATES
# /etc/sysctl.conf; append with `>>` instead. Also, `net.local.dgram.*` are the
# BSD names quoted on the SmpScale wiki -- verify they exist on this Linux
# kernel before relying on them (sysctl will reject unknown keys).
## echo "net.local.dgram.recvspace = 262144" >> /etc/sysctl.conf
## echo "net.local.dgram.maxdgram = 16384" >> /etc/sysctl.conf
## mount -a
## chown proxy:proxy /var/run/squid3
#
# The example assumes 5 virtual disks of 8GB each for cache_dir, with the
# directories /var/spool/squid3/1 .. /var/spool/squid3/5.
# Use at most 50% of each disk, i.e. 4GB per cache_dir.
# Type at the Linux console:
## mkdir /var/spool/squid3/{1,2,3,4,5}
## chown proxy:proxy /var/spool/squid3/*
## squid3 -z
#
# The number after `cache_dir rock/aufs` (4096) is in MB => 4GB.
# The values after min-size=/max-size= are in bytes.
# Adjust to your hardware; these are example values from a VirtualBox test.
# NOTE: the directives below actually use /cache/0 .. /cache/3, not
# /var/spool/squid3/N -- the mkdir/chown/`squid3 -z` steps must target those.
#
#=============================================#
# Three SMP workers. The rock dir (small objects up to 64 KiB) is shared by all
# workers; each worker additionally gets its own ufs dir selected by
# ${process_number}, since per the linked SmpScale wiki ufs dirs cannot be
# shared between workers.
workers 3
cache_dir rock /cache/0 4096 min-size=0 max-size=65536 swap-timeout=300 max-swap-rate=200/sec
if ${process_number} = 1
cache_dir ufs /cache/1 4096 16 256 min-size=65536 max-size=1024000
endif
if ${process_number} = 2
cache_dir ufs /cache/2 4096 16 256 min-size=1024000 max-size=2048000
endif
if ${process_number} = 3
cache_dir ufs /cache/3 4096 16 256 min-size=2048000 max-size=4096000
endif
#=============================================#
cache_mem 64 MB
maximum_object_size_in_memory 8 KB
memory_cache_mode disk
store_avg_object_size 64 KB
#
# Same value as the earlier cache_replacement_policy line.
cache_replacement_policy heap GDSF
# A core dump of a TLS-bumping proxy contains decrypted client traffic and the
# loaded CA key material; /cache must not be readable by anyone but the proxy
# user, or core dumps should be directed elsewhere.
coredump_dir /cache
#
# Never store responses for URLs matched by the `nocache` acl.
cache deny nocache
  151. #
  152. logfile_rotate 1
  153. shutdown_lifetime 5 second
  154. #
  155. snmp_port 3401
  156. snmp_access allow all
  157. snmp_incoming_address 0.0.0.0
  158. snmp_outgoing_address 0.0.0.0
  159. #
  160. qos_flows local-hit=0x30
  161. qos_flows sibling-hit=0x30
  162. qos_flows parent-hit=0x30
  163. #
  164. cache_effective_user proxy
  165. cache_effective_group proxy
  166. #resolver
  167. dns_nameservers 127.0.0.1
  168. dns_timeout 20 seconds
  169. dns_v4_first on
  170. client_dst_passthru off
  171. host_verify_strict off
  172. reload_into_ims on
  173. refresh_all_ims on
  174. detect_broken_pconn on
  175. client_persistent_connections off
  176. server_persistent_connections on
  177. vary_ignore_expire on
  178. shutdown_lifetime 3 seconds
# --- Store-ID (cache-key rewriting) ---
# storeid.pl (not part of this paste) maps each matching URL to a canonical
# cache key. Every URL the script maps to the same key is served the same
# stored body, so a mapping that ignores a URL component that actually selects
# content lets one client's response be served for a different request --
# review the script's patterns with that in mind.
#squidbooster trial 30 days
#store_id_program /etc/squid3/64bits/ut-squidbooster -i -g -l /var/log/squid3
#store_id_children 10 startup=5 idle=2 concurrency=0
#refresh_pattern -i ^http:\/\/.*\.unveiltech\.internal\/.* 324000 100% 432000 override-expire override-lastmod refresh-ims reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate
#store-id
#store_id_program /usr/lib/squid3/storeid_file_rewrite /etc/squid3/store-id.pl
#store_id_children 40 startup=10 idle=5 concurrency=0
#store_id_access deny !getmethod
# nocache URLs are excluded from rewriting before anything else is considered.
store_id_access deny nocache
#store_id_access allow storeid_rewrite_url
#store_id_access deny all
#store_id_bypass on
store_id_program /usr/bin/perl /etc/squid3/storeid.pl
store_id_children 40 startup=10 idle=5 concurrency=0
# Only GET requests matching one of the CDN/video acls reach the helper.
store_id_access deny !getmethod
store_id_access allow urlrewrite
store_id_access allow speedtest
store_id_access allow reverbnation
store_id_access allow utmgif
store_id_access allow playstoreandroid
store_id_access allow idyoutube
store_id_access allow videoyoutube
store_id_access deny all

# For video URLs that answer with a 302, neither store the redirect nor serve a
# stored hit for it (the acl name suggests this guards against redirect loops
# between CDN nodes sharing one store-id key).
store_miss deny videoyoutube loop_302
send_hit deny videoyoutube loop_302
  205. # REFRESH PATTERN
  206. refresh_pattern (akamaihd|fbcdn)\.net 14400 99% 518400 ignore-no-store ignore-private ignore-reload ignore-must-revalidate store-stale
  207. refresh_pattern -i squid\.internal 14400 99% 518400 ignore-no-store ignore-private ignore-reload ignore-must-revalidate store-stale
  208. refresh_pattern -i https?:\/\/.*\.xx\.fbcdn\.net\/.*\.(jpg|png) 43830 99% 259200 override-expire override-lastmod ignore-reload
  209. refresh_pattern static\.(xx|ak)\.fbcdn\.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store
  210. refresh_pattern ^https?\:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 241920 99% 241920 ignore-reload override-expire ignore-no-store
  211. refresh_pattern (audio|video)\/(webm|mp4) 129600 99% 129600 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
  212. refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 20% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  213. refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
  214. refresh_pattern -i (yimg|twimg)\.com\.* 1440 100% 129600 override-expire ignore-reload reload-into-ims
  215. refresh_pattern -i (ytimg|ggpht)\.com\.* 1440 80% 129600 override-expire override-lastmod ignore-auth ignore-reload reload-into-ims
  216. refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?|\.mp4|\.webm|\.flv|((audio|video)\/(webm|mp4))) 241920 100% 241920 override-expire ignore-reload ignore-private ignore-no-store ignore-must-revalidate reload-into-ims ignore-auth store-stale
  217. refresh_pattern -i ^https?\:\/\/.*\.googlevideo\.com\/videoplayback.* 10080 99% 43200 override-lastmod override-expire ignore-reload reload-into-ims ignore-private reload-into-ims ignore-auth store-stale
  218. refresh_pattern ^\.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth max-stale=1440
  219. refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
  220. refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
  221. refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
  222. refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
  223. refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  224. refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
  225. refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  226. refresh_pattern (zynga|topeleven|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  227. refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  228. refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|iop|nzp|pak|mar|msp) 10080 80% 10080 override-expire override-lastmod reload-into-ims ignore-reload
  229. refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  230. refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob|webm) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  231. refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 80% 10080 override-expire override-lastmod reload-into-ims
  232. refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|cup|dvr-ms|ram|rpm|exe|inc|cab|qt) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  233. refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar|pak|cup) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  234. refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  235. refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  236. refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 10080 100% 43800 override-expire override-lastmod ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  237. refresh_pattern -i .(html|htm|css|js|xml)$ 1440 75% 40320
  238. refresh_pattern -i .index.(html|htm)$ 0 75% 43800
  239. refresh_pattern -i ^http.*squid\.internal.* 43200 100% 799000 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth
  240. #KEEP THESE LINES AT BOTTOM OF CONFIGURATION
  241. refresh_pattern ^ftp: 1440 20% 10080
  242. refresh_pattern ^gopher: 1440 0% 1440
  243. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  244. refresh_pattern . 0 99% 518400 ignore-no-store ignore-private reload-into-ims store-stale
  245. #refresh_pattern . 0 50% 4320